from the THE-DATABASE-IS-MADE-OF-PEOPLE! dept

Every day in the US, millions of license plate photos are scanned and stored in various third-party databases, accessible by hundreds of law enforcement agencies, including those at the federal level. Privacy concerns have been raised by groups like the EFF and ACLU, but these have been brushed off with two assertions:

The first point can't really be argued. Your expectation of privacy pretty much ends when you start traveling on public streets. But the massive number of plate photos scanned and stored still creates privacy concerns. Most of the photos stored in law enforcement databases have nothing to do with ongoing investigations, and long-term storage of irrelevant plate/location data allows law enforcement to "track" anyone it wants to. Further concerns arise when agencies troll events like political rallies to add plates to their databases. It may not be a privacy violation, but it does raise questions about surveillance of First Amendment-protected activities.

In addition to tracking license plates, the federal government has been taking and sharing photos of drivers and passengers inside the cars, documents obtained by the American Civil Liberties Union show.

License plate readers (LPRs) are designed to provide “the requester” with images of license plate vehicle numbers, in addition to “photos of visible vehicle occupants,” one of the newly released documents reads.

Another document obtained by the ACLU reveals the cameras have the ability to “store up to 10 photos per vehicle transaction including 4 occupant photos.”

The reality of the situation doesn't mesh with law enforcement's statements. And with ALPR manufacturers like Vigilant Solutions hoping to add facial recognition technology to their products, law enforcement agencies will soon have access to millions of individuals' photos, a large majority of which aren't currently under investigation.

The DEA's database alone holds at least 343 million LPR photos. Other law enforcement agencies are adding millions of shots to these shared databases daily. While the expectation of privacy is lowered in public settings, the millions of photos amassed turn these databases into long-term tracking devices. Surveillance of this scope used to be limited by personnel availability. Now, it's as easy as leaving camera running for the entire shift -- day after day after day. This low-effort process builds easy-to-use "maps" of citizens' movements -- where they work, where they live, which businesses they frequent, where they spend their "off" hours, which doctors they use, etc. And it's all at the fingertips of federal, state and local law enforcement agencies.

No law enforcement agencies are willing to talk about the implications of storing millions of "non-hit" photos. Los Angeles law enforcement officials went so far as to claim all captured photos were "relevant" to investigations. What little has been uncovered has been the results of tenacious FOIA requesters or open records lawsuits. The efforts being made to keep this information out of the public eye has very little to do with "protecting law enforcement methods" and everything to do with minimizing the amount of scrutiny or criticism these agencies face.

With the steady improvement of facial recognition technology, law enforcement agencies will soon know not only where your vehicle's been, but who was in it. The push back against this technology isn't so much about preventing its use, but preventing its abuse. Storing records unrelated to criminal activity for years is nothing more than stockpiling of data for its own sake -- nearly completely divorced from the actual business of enforcing laws.

from the disband-the-dea dept

What is up with the DEA? For all the focus on the NSA, the CIA and even the FBI, it really seems like the agency that is absolutely out of control is the DEA. In just the last few months, we've written about the DEA having its own giant database of metadata on phone calls (with less oversight than the NSA), how it has embedded telco employees who are able to snoop on subscribers in real-time for the DEA, how the DEA is deeply involved in parallel construction (using intelligence info collected under questionable means to arrest someone and then to hide or lie to judges about that information), how it paid a secretary at Amtrak $850,000 to give them all of Amtrak's passenger lists, how it was (with the NSA) recording every single phone call in the Bahamas and, finally, how it was impersonating people on Facebook.

And now, the latest is that the DEA has been building a massive database of your travel habits using automatic license plate readers. These license plate readers have been used increasingly by law enforcement, and the ACLU has been tracking their growing usage for years. A year ago, we wrote about Homeland Security putting out a call for a national license plate reader program, resulting in public outrage. While it eventually scrapped those public plans, we noted at the time that DHS still had access to plenty of other databases of license plate reader data, including one in ICE (Immigrations and Customs Enforcement).

But the latest news is that the DEA also had a huge database of this info as well:

The new DEA records that we received are heavily redacted and incomplete, but they provide the most complete documentation of the DEA’s database to date. For example, the DEA has previously testified that its license plate reader program began at the southwest border crossings, and that the agency planned to gradually increase its reach; we now know more about to where it has grown. The DEA had previously suggested that “other sources” would be able to feed data into the database; we now know about some of the types of agencies collaborating with the DEA.

The documents uncovered by our FOIA request provide additional details, but their usefulness is limited by the DEA’s decision to provide only documents that are undated or years old. If the DEA’s collection of location information is as extensive as the agency has suggested in its limited comments to legislatures, the public deserves a more complete and comprehensive explanation than the smattering of records we have obtained can provide.

These records do, however, offer documentation that this program is a major DEA initiative that has the potential to track our movements around the country. With its jurisdiction and its finances, the federal government is uniquely positioned to create a centralized repository of all drivers’ movements across the country — and the DEA seems to be moving toward doing just that. If license plate readers continue to proliferate without restriction and the DEA holds license plate reader data for extended periods of time, the agency will soon possess a detailed and invasive depiction of our lives (particularly if combined with other data about individuals collected by the government, such as the DEA’s recently revealed bulk phone records program, or cell phone information gleaned from U.S. Marshals Service’s cell site simulator-equipped aircraft ). Data-mining the information, an unproven law enforcement technique that the DEA has begun to use here, only exacerbates these concerns, potentially tagging people as criminals without due process.

Among the information the ACLU's new documents show, is that the DEA already taps into other agencies' license plate reader databases, including local law enforcement and federal agencies like those in DHS. The records the ACLU obtained note that there were over 343 million records in the database (but the redactions on the document obscure the date of that finding, so it's likely much larger today).

Oh, and then there's this: one of the main points of the program is to help law enforcement steal seize things from the public:

A spokesman for Justice Department, which includes the DEA, said the program complies with federal law. “It is not new that the DEA uses the license-plate reader program to arrest criminals and stop the flow of drugs in areas of high trafficking intensity,’’ the spokesman said.

That's a bullshit response on any number of levels. It may not be new that the DEA is using the technology, but the extent of its usage, and the efforts it has taken to keep it secret are new. On top of that, the fact that its primary purpose is to help with seizures is a pretty big deal, especially given the rest of what the DEA has been doing lately. It makes you wonder if there's any oversight at all on this stuff.

from the the-finest-in-haystacking-technology dept

The sales pitch for automatic license plate readers is how great they are at helping cops solve crimes. From hunting down stolen cars to tracking pedophiles across jurisdictions, ALPRs supposedly make policing a breeze by gathering millions of time/date/location records every single day and making it all available to any law enforcement agency willing to buy the software and pay the licensing fees.

The systems come with civil liberties baggage -- privacy issues that aren't completely articulable, at least not in terms of what the courts have held to contain sufficient expectations of privacy. A single photo of a car on a public road isn't a privacy violation. But what about dozens or hundreds of photos that more resemble a passive tracking system than a set of public snapshots? That's a bit more of a gray area -- one that hasn't been fully explored by the courts at this point. Adjacent decisions notwithstanding, ALPRs are mildly intrusive and have troubling implications due to their capabilities, but at this point, they still operate within the confines of the Constitution.

So, if civil liberties are still intact, what's the next point of attack? Maybe it's the alleged efficiency. Are law enforcement agencies getting their money's worth?

It's a trick question. First and foremost, it's the public's money paying for these. In many cases, DHS grants have paid for ALPRs, with local agencies name-checking terrorism and extremism to increase the odds of obtaining funds. Even when paid for out-of-pocket, it's still the public footing the bill.

Over the past five years, law enforcement agencies in Vermont have invested more than $1 million in technology that gathers millions of data points every year about the whereabouts of vehicles across the state.

Yet even with the millions of scans, the system has not led to many arrests or breakthroughs in major criminal investigations, and it hasn’t led to an increase in the number of tickets written for the offenses the technology is capable of detecting.

No one sells a city council (or the general public) on the wonders of ALPRs by highlighting how many unregistered vehicles might be ticketed or pointing out other mundane traffic enforcement benefits they might provide. Probably just as well, considering these systems have had no discernible effect in these areas.

It's the "big ticket" crimes that sell ALPRs and push them past the complaints of those concerned about citizens' privacy and civil liberties. Kidnapping, auto theft, child pornographers, terrorism, etc. These are the sort of thing that put lead in legislators' collective pencils, stirring them to approve funding or sign off on grant requests, and so on. How do Vermont's ALPRs stack up against capital-C "crime?"

In the 18 months leading up to Jan. 1, 2013, the 61 license plate readers operating in the state at the time did a lot of recording. A VPR study of public information from local, state and federal law enforcement showed that during that time period, police across the state logged 7.9 million license plates and stored them in a central, statewide database along with the time and location they were scanned.

Despite the financial investment in the systems, they were helpful in solving fewer than five crimes in 2013. The number of tickets written for driving with a suspended license and driving with an expired registration (two violations that ALPRs can detect) hasn’t gone up since the technology was introduced in mid-2009.

Millions of plates. Five (5) crimes solved. Number of tickets issued flat.

So, what do you do? As a legislator who approved funding for this, do you accept this as part of the learning curve or do you demand more from the technology? Do you tell the public, "We appreciate your input but feel that a literal handful of successful criminal investigations far outweighs any privacy issues or budgetary concerns"?

An interview with an officer who uses the ALPR system adds some nuance to the discussion, including the fact that law enforcement's civil liberties precautions contribute to the perceived inefficiency of the system. But underneath it all, it's viewed as just another "tool" for local law enforcement to use, albeit one that can't seem to pull its own weight. No one wants to say the equipment is non-essential or possibly redundant, but the officer interviewed (Sergeant Cram) makes this damning statement.

Despite the $25,000 tool, Cram says the majority of the Winooski Police Department’s traffic stops are still done the old-fashioned way, with officers stopping drivers for infractions like rolling through a stop sign or failing to yield at a crosswalk.

Still, Cram says the federally-funded ALPR is a valuable tool, even though he doesn’t think the city would have put up $25,000 of its own money to buy one.

The city wouldn't have ended up with one if the DHS wasn't giving them away. That's how extraneous this "tool" is. The lack of successful criminal investigations backs this up. The fact that traffic enforcement has remained stagnant even with the addition of several million plate scans per year is the final nail in the coffin.

No one -- at least not in Vermont -- needs this technology. But if someone else is willing to pay, they'll take it. And they'll use it. And years down the road, they'll likely still have nothing to show for it but a massive database tracking the movement of millions of non-criminals.

from the a-secret-repository-of-public-data dept

Los Angeles law enforcement has been battling privacy activists seeking access to license plate data for over a year now. The plate and location data scooped up by the city's many automatic license plate readers is considered fair game by law enforcement because visible license plates obviously don't carry any sort of expectation of privacy.

This argument only goes one way though. Back in July of last year, the Los Angeles Sheriff's Dept. refused to hand over plate data, citing confidentiality concerns. While using one of side of its mouth to argue that plates aren't personally identifiable information, the LASD used the other side to claim that releasing the data was impossible because even anonymized, non-personal data was too sensitive for public release. Let that argument soak in for a bit, because that's basically what Judge James Challant said in his opinion preventing the release of the data:

"The [LPR] data contains hot list comparisons, the disclosure of which could greatly harm a criminal investigation," Superior Court Judge James Chalfant wrote in his 18-page decision. "It also would reveal patrol patterns which could compromise ongoing investigations, and even fixed point data could undermine investigations. Disclosure could also be used by a criminal to find and harm a third party. Balanced against these harms is the interest in ascertaining law enforcement abuse of the ALPR system and a general understanding of the picture law enforcement receives of an individual from the system, unsupported by any evidence as to how well the ALPR data will show this information. The balancing works in favor of non-disclosure."

So, harvesting license plates and location data is no different than walking around with a camera snapping photos of vehicles driving or parked on public streets. But this very public collection method is somehow also a protected method that could be undermined by the release of data. While some patrol patterns might be ascertained from a week's worth of data, it's unlikely that such a short selection would reveal much. The judge also could have asked for a redacted release, with plates/locations tied to ongoing investigations blacked out, but instead he simply bought into law enforcement's arguments. (Caveat: Los Angeles law enforcement has argued that every plate collected is "relevant" to its investigations.)

The idea that a criminal could use the database to "find and harm someone" is the most ridiculous statement. (Although the circular reasoning about whether or not the undisclosed information will show abuse by law enforcement comes close. If you can't see it, you can't really look for signs of abuse.) License plates are public information. Anyone with eyes could "find and harm someone" by looking for license plates. (And -- again -- I thought this data wasn't "personally identifiable.") As long as the vehicle isn't parked inside, anyone can see its plate and location. While a dump of license plate data would make it easier, it's not as though withholding the information will have any noticeable effect on that sort of criminal behavior.

The end result is the expected: law enforcement gets access to anything considered "public information" and the public gets nothing in return but second-hand concerns about compromising investigations. It's the same argument, whether it's local law enforcement or the NSA. The public can't logically make the argument that plate readers are a violation of privacy but it has every right to expect that its law enforcement agencies are handling data responsibly and can be held accountable if they aren't. Humoring arguments like "all data is relevant" and "public data is confidential" doesn't achieve that end.

from the I'm-not-familiar-with-the-sort-of-thing-you're-asking-for dept

Law enforcement agencies are generally pretty happy with their automatic license plate readers. It allows them to harvest millions of plate/location records without having to exit their vehicles, much less slow them down. It also allows them to spring from their cruisers with guns out and force non-car thieves into submissive positions while they perform the sort of due diligence that should have been completed long before the cops/guns exited their respective holders.

What they don't seem to like is anyone asking questions about the massive databases they're compiling or whether they've bothered to institute any minimization/privacy policies. When questioned, they usually talk about what a great tool it is for crime-fighting, even if said tool contains millions of useless photos entirely unrelated to criminal activity. Some even claim that every single photo in the database is integral to ongoing investigations and therefore cannot be subjected to minimization procedures, much less the pesky FOIA requests of surveilled citizens.

This letter is in response to your FOIA request in which you requested the number of ALPR records Fairfax County currently has on file. This number is constantly fluctuating, but as of 05/20/2014 at 1003 hours there were 2,731,429 reads in the system.

You further requested any available metric the county uses to determine the system's effectiveness. It was found that the Fairfax County Police Department does not possess any such responsive materials based on the information you requested.

The assumption here is that the system works. The Fairfax County PD occasionally posts arrests linked to ALPR database hits and… well, beyond that, the PD draws a blank. Presumably a handful of arrests justifies a multi-million image-and-location photo database. But this lack of self-assessment shouldn't be acceptable, not for an agency that has abused its technology in the past.

The license plate readers demonstrated a high error rate. Four ALPR vehicles used in Fairfax County over the course of five nights in February 2009 scanned 69,281 vehicles. The camera database produced twelve bogus hits and recovered four stolen vehicles, for a recovery rate of 0.6 percent and an error rate of 1.7 percent.

The technology can be used responsibly, but law enforcement agencies with tough minimization policies are almost nonexistent. And as we've seen twice in the last month alone, officers relying on faulty data aren't making an effort to verify database hits before attempting to effect arrests. Someone's going to be hurt or killed because of bad data, and hardly anyone in law enforcement seems to be concerned. If they did, strict policies on verification and disposal of non-hit data would be the rule, rather than the exception.

from the we're-really-just-like-some-dude-with-a-point-and-shoot dept

Private companies engaging in large-scale surveillance are pushing back against the push back against large-scale surveillance… by filing lawsuits alleging their First Amendment right to photograph license plates is being infringed on by state laws forbidding the use of automatic license plate readers by private companies.

Now, these laws aren't saying law enforcement agencies can't use these readers. They can. What they do say (or did… Utah's law was amended after a lawsuit by license plate reader company Vigilant) is that private companies, like repossession firms and tow truck services, can't use these readers. But apparently they do, and those who manufacture and support the equipment would like to continue capturing this market.

In this case, the two firms in question—Digital Recognition Network (DRN) and Vigilant Systems—generate, maintain, and share access to the license plate reader database with law enforcement.

The new Arkansas state law took effect in 2014, and it bans the private collection of license plate reader data while still allowing the cops to use the devices, usually mounted on patrol cars. The two companies say that their First Amendment rights are being violated, as they are allowed to photograph—even under an automated, high-speed process that is then shared with law enforcement—any and all license plates, anywhere.

There's a bit of a disconnect in Viglant's/DRN's logic, but one that's a bit troublesome for the courts to address. By portraying the capture of license plates at a rate of nearly 1,000 per hour as little more than a digital version of someone taking individual photographs of publicly-displayed plates, the companies hope to make its technology look less intrusive than it is.

The troublesome part is that courts have held that privacy violations that don't exist in the singular can't magically be summoned by en masse collections. There are definitely privacy concerns, however, especially when this information is used (and misused) by law enforcement. But the companies argue that there's nothing personally identifiable about a license plate, at least without access to other databases like those held by states' departments of motor vehicles. (Oddly, law enforcement officials have made the same argument, despite having this access.) This is true, but it's of little comfort when the privately-held database contains 1.8 billion records and is growing at the rate of 70 million per month.

Here's the crux of Vigliant's First Amendment assertions.

Plaintiffs' dissemination of license-plate information collected by ALPR systems is speech protected by the First Amendment. Similarly, the use of ALPR systems to collect and create information by taking a photograph amounts to constitutionally protected speech.

The Act is a content-based speech restriction. The illegality of speech under the statute turns on the content of what is being photographed and transmitted through ALPR systems-license-plate information is covered, but other content is not. The Legislature has singled out the collection and dissemination of "images of license plates" and the resulting "computer-readable data." Ark. Code§ 12-12-1802(2), 12-12-1803(a); see also § 12-121082(3). Moreover, the Act's extensive exceptions further demonstrate that it discriminates based on the content of the speech and the identity of the speaker.

This is a tough hurdle for the state to leap and is likely what prompted Utah to heavily amend its state law in exchange for Vigilant dropping the lawsuit. Unfortunately, in Utah's case, the state seems to have overcompensated. The amendment strikes any prohibition of a private entity collecting license plate data and allows these same entities to sell collected data to other third parties, something it expressly forbids government agencies from doing. It also allows for these companies to hold onto the data for as long as nine months, something that was only 30 days in the original bill.

So, Vigilant's point remains that what it does in terms of collection is not a violation of privacy because it does not have access to DMV databases holding personally-identifiable information. It glosses over the fact that it provides access to hundreds of law enforcement agencies around the US, all of which can acquire the connecting data. But that does seem to put the onus on law enforcement agencies to provide adequate privacy protections, including timely disposal of non-hit data. So far, very few agencies have attempted to so. In Utah's case, there are nine months of historic, non-hit data at law enforcement's fingertips, all with time and location info.

In the singular (as Vigilant's argument goes), this isn't a privacy violation -- no different that someone taking a picture of a vehicle in public. But several months of time and location data creates something that can only be achieved through dedicated surveillance, something that does raise privacy questions, especially in light of the recent court decision finding that law enforcement officers need warrants to track cell phone users' locations. This is the same principle. Law enforcement agencies shouldn't be accessing months of plate location/time data unless it's part of an investigation -- and if it is, someone neutral needs to be deciding whether or not every license plate hit is relevant to the situation.

from the verification-to-be-performed-at-gunpoint dept

We recently covered a story about a lawyer who found himself approached by cops with guns drawn after an automatic license plate reader misread a single character on his plate as he drove by. The police did make an attempt to verify the plate but were stymied by heavy traffic. Unfortunately, it appears they decided to force the issue rather than let a potential car thief escape across the state line.

As I pointed out then, the increasing reliance on ALPRs, combined with the one-billion-plus records already in storage and the millions being collected every day, means the number of errors will only increase as time goes on -- even as the technology continues to improve. This person was lucky to escape with nothing more than an elevated heart rate. Others won't be so lucky... like Denise Green of San Francisco.

Green's civil rights lawsuit has just been reinstated by Ninth Circuit Court of Appeals, which overturned an earlier decision that granted summary judgment in favor of the San Francisco Police Department. The lower court found that the officers had made a "good faith, reasonable mistake" when they performed a felony stop of Green, which included being ordered out of her vehicle and onto the ground at gunpoint and held in cuffs for nearly 20 minutes while officers verified the plates and filled out paperwork.

It is undisputed that the ALPR occasionally makes false “hits” by misreading license plate numbers and mismatching passing license plate numbers with those listed as wanted in the database. Because of the known flaws in the system, SFPD officers are trained that an ALPR hit does not automatically justify a vehicle stop, and SFPD directs its officers to verify the validity of the identified hit before executing a stop.

Patrol officers are instructed to take two steps to verify a hit before acting on an ALPR read. The first step is to visually confirm the license plate (to ensure that the vehicle actually bears the license plate number identified by the camera); the second step is to confirm with the system that the identified plate number has actually been reported as stolen or wanted.

The opinion notes that the SFPD, at the time of the incident, actually had no official verification policy in place that designated which officer(s) should perform this task. The expert testifying on behalf of the PD indicated that it would most likely be performed by the operator of the "camera car" (the vehicle with the ALPR) but was unable to point to any policy actually stating this.

So, there's one level of failure. It could be that all of the officers involved (at least four, according to court documents) thought someone else had handled the verification. That would be an "honest mistake," but that shouldn't allow the department to escape being held accountable for its lack of clear verification procedures.

On the night of March 30, 2009, Appellant Denise Green, a 47-year-old African-American woman with no criminal record, was driving her vehicle, a 1992 burgundy Lexus ES 300 with license plate number 5SOW350, on Mission Street in San Francisco. At approximately 11:15 PM, Green passed a police cruiser equipped with an ALPR operated by SFPD Officers Alberto Esparza and Robert Pedersen. When Green drove past Esparza and Pedersen’s camera car, the ALPR misread her license plate number and identified her plate as belonging to a stolen vehicle. It was late and dark outside, which rendered the ALPR photograph blurry and illegible. As a result, Officer Esparza could not read the ALPR photograph, nor could he get a direct visual of Green’s license plate.

Esparza was currently involved in an arrest, so he radioed in the hit. He identified the vehicle as a dark Lexus with the plate number 5SOW750, one digit off from Green's actual number. Dispatch ran the number and found that the plate belonged to a stolen gray GMC truck. The opinion notes that Esparza never bothered to inform dispatch that he had not verified the plate number himself and was working from a lousy ALPR photo.

Sergeant Kim was in the area and heard the radio traffic linking the plate (5SOW750) to a grey pickup and Esparza's observance of a dark Lexus. Kim had plenty of chances to clear up the misidentified plate, but he never did so.

Sergeant Kim saw that the first three numbers of Green’s license plate matched the plate read over the radio, but he did not visually identify all seven numbers on Green’s license plate. He also radioed Officer Esparza for a description of the vehicle, and Officer Esparza confirmed that the vehicle he saw was a dark burgundy Lexus. Sergeant Kim then decided to make a “high-risk” or “felony” stop...

Because Sergeant Kim believed that Green posed a risk, he waited for backup before pulling her over. While he waited, he followed her vehicle for a brief amount of time and, at one point, even stopped behind her at a red light. At no point while he was following or stopped behind Green’s vehicle did Sergeant Kim visually confirm the entirety of Green’s license plate number, even though nothing obscured his ability to do so. Furthermore, Sergeant Kim did not confirm Green’s plate number with dispatch, but he did hear Officer Esparza inquire whether the vehicle with the plate number 5SOW750 was stolen. Sergeant Kim admits that if he had read the full plate, he would not have had the reasonable suspicion to effect the stop.

But the stop was made and Green was approached by at least four officers with weapons drawn. She was restrained, cuffed and held while the SFPD officers finally got around to verifying the plate number on her vehicle.

The SFPD, while fighting Greene's Fourth Amendment claims, chose to spin Officer Esparza's lack of verbal confirmation that he had personally observed the plate (rather than the ALPR's lousy photo) as a credible, non-verbal assertion that could "reasonably" prompt other officers into action. Sergeant Kim took Esparza's lack of information to be an affirmation of his visual verification of Greene's plate, giving him the reasonable suspicion to effect the stop. The court approaches this argument from another angle, stating that Esparza's lack of confirmation should have been an indication that Kim needed to perform additional verification.

Because of the SFPD's lack of clear policy and the Officer Kim's willingness to believe Esparza's unstated claims, the officers effected a felony stop based on very little information and a whole lot of belief. Neither of these are enough to rise to the level of "reasonable suspicion," and certainly not enough to justify the amount of force deployed -- especially considering Greene was "physically unthreatening" and compliant during the whole stop.

Once again, we see law enforcement deploying technology without guidelines for usage. (We also see Sgt. Kim's reluctance to spoil a felony stop by actually reading a license plate that was directly in front of him for several minutes...) Many police departments tend to prefer unsupervised tech, an attitude that is increasingly resulting in policy being set by lawsuit. Abuse first, settle later, and lastly, institute guidelines. It's a hell of a way to "enforce law," when everyone's being policed but the police.

Homeland Security Secretary Jeh Johnson on Wednesday ordered the cancellation of a plan by the Immigration and Customs Enforcement agency to develop a national license-plate tracking system after privacy advocates raised concern about the initiative.

The order came just days after ICE solicited proposals from companies to compile a database of license-plate information from commercial and law enforcement tag readers. Officials said the database was intended to help apprehend fugitive illegal immigrants, but the plan raised concerns that the movements of ordinary citizens under no criminal suspicion could be scrutinized.

The (stated) reasoning behind this wasn't the outrage the announcement generated. Instead, officials are portraying it as some sort of rogue bid solicitation, done with no one's permission that somehow magically appeared on an official government platform.

“The solicitation, which was posted without the awareness of ICE leadership, has been cancelled,” ICE spokeswoman Gillian Christensen said in a statement. “While we continue to support a range of technologies to help meet our law enforcement mission, this solicitation will be reviewed to ensure the path forward appropriately meets our operational needs.”

This itself should be concerning. If ICE leadership can't even keep an eye on its all-too-helpful minions, one is forced to wonder how many other solicitations have "escaped" in this fashion… and how many of those turned into actual ICE/DHS programs.

But I wouldn't dwell on the ICE's internal failures for too long. The most plausible explanation is that someone up top at the DHS or ICE suddenly realized that publicly calling for bids on a nationwide surveillance system while nationwide surveillance systems are being hotly debated was probably a horrible idea.

This may have been put on the back burner by the agency but it's not simply going to go away. It will return, either via a super-secret bidding system that turns the job over to favored government contractors, or further down the road, when the heat surrounding surveillance of US citizens dies down.

As it stands right now, nothing much changes for ICE. There are several ALPR contractors already in service who have collected (and continue to collect) millions of license plate records. And these can all be accessed by government agencies just as easily as they're accessed by local law enforcement -- without warrants, subpoenas or anything else that might generate a paper trail.

But don't worry, citizens. When this inevitably returns, ICE will have your privacy in mind. After all, the bid solicitation specifies that the system must conform with the Privacy Act of 1974. Nothing says "privacy" in 2014 like a 40-year-old law, especially one loaded with convenient exceptions for law enforcement.

from the more-'harmless'-metadata dept

In what reads like bad news all over, the DHS has just requested quotes for national automatic license plate reader (ALPR) database. There are currently several ALPRs in use and law enforcement agencies have been working hard to link systems up in order to better track vehicles as they move around the country. This has been hampered somewhat by multiple vendors, most of which aren't particularly interested in working with competitors. But even with multiple vendors, there's still a whole lot of data being stored -- a majority of which is entirely unrelated to criminal activity -- in easily-accessible databases.

License plate readers are used not only by police but also by private companies, which themselves make their data available to police with little or no oversight or privacy protections. One of these private databases, run by a company called Vigilant Solutions, holds over 800 million license plate location records and is used by over 2,200 law enforcement agencies, including the U.S. Department of Homeland Security.

A nationwide database, with records accessible by law enforcement and investigative agencies with few restrictions is obviously a concern. Tracking vehicles as they move around the country generates a ton of location data that can reveal a great deal about a person. It's always argued that what you do in public carries no expectation of privacy, but that statement is somewhat meaningless when you consider the number of plates ALPRs scan and store. Most states with ALPRs have gathered millions of records, which are held for as long as 5 years, with little in the way of minimization procedures. ELSAG, another ALPR vendor, brags in its own promotional Powerpoint presentation that it has collected 50 million records in New York City alone, without a single mention of minimization processes or the disposal of non-hit data.

For the government to actively call for a nationwide database is troubling. Since this is a solicitation for bids, there's no discussion on what, if anything, will be required from the winning contractor in terms of storage, minimization or disposal. Given the track records of the largest vendors, it's likely these issues will be of lesser concern than other aspects, like scanning speed and database accessibility.

The call for bids may have something to do with Vigilant's recent efforts, both on the PR front and in the courtroom.

It posits that a new Utah law which bans license plate collection by private companies, effectively put it out of business in the state. The law was intended to keep data from falling into police hands without oversight, and is among the first by surveillance technology firms to argue against privacy laws invoking the First Amendment.

The Texas company fired back, arguing that collecting license plate numbers is free speech. The lawsuit draws upon a recent major Supreme Court ruling, Citizens United v. FEC, which overturned a law curbing corporate and union donations to political campaigns. In effect, the Court ruled that money is speech.

“The Texas company says it’s not a police agency – law enforcement already is exempt from the ban under Utah’s new law — nor can it access in bulk federally protected driver data that personally identifies the letters and numbers it collects from license plates in public,” the Associated Press reported Thursday. “The company said it only wants to find cars that have been stolen or repossessed, not to cull large swaths of data and incriminate people from their travel habits.”

“Taking and distributing a photograph is an act that is fully protected by the first Amendment,” said DRN / Vigilant Outside Counsel Michael Carvin. “The state of Utah cannot claim that photographing a license plate violates privacy. License plates are public by nature and contain no sensitive or private information. Any citizen of Utah can walk outside and photograph anything they please, including a license plate.”

This is an interesting approach. It's a bit disingenuous to compare scanning license plates at a rate of hundreds per hour to someone walking around taking pictures of license plates (not the least of which is the fact that a private photographer most likely wouldn't have a searchable database), but underneath it all, the point remains: these are photographs of publicly-available items. It will be tough for a court to find a "bright line" that separates these two without weakening First Amendment protection. Then again, as the ACLU has noted, it's not really the photography that's a problem, it's the handling of the non-hit data, something that won't be addressed in this suit. That's Utah's problem and if it loses this case, then it needs to push for heavy restrictions on how the data is accessed and used, as well as rules on data disposal.

Using an unpopular decision (Citizens United) to argue that losing income equals losing free speech rights is a bit more troublesome. Of course, those opposed to that decision may welcome a court battle on the issue, as it may cast further doubt on the validity of that ruling. But does a company deserve to make money, much in the way it might deserve First Amendment protections? That's another grey area with no bright line and this two-pronged approach may allow Vigilant and DRN to set up their ALPR systems despite the state of Utah's opposition. (Of course, Utah would be free to use another vendor, but any decision in the ALPR companies' favor will help them attack similar laws elsewhere.)

Vigilant Solutions announces today that the Loganville Police Department in Georgia attributes recent and significant arrests to their use of license plate recognition (LPR) technology from Vigilant Solutions.

Assistant Chief M.D. Lowry comments, “On January 7, one of our officers received an alert from his license plate reader (LPR) system on a vehicle which was associated with an active arrest warrant out of Texas. Our officer initiated a traffic stop per policy and identified the driver. Following protocol, the officer used other systems to validate the hit and was able to confirm the driver was wanted out of Del Rio, Texas for Indecent Acts with a Child, 2nd Degree. The suspect was taken into custody without incident and transported to the Walton County Jail to await extradition…"

We have only had our single unit for only a few months, but it is already proving its value by helping us to remove these threats from our community. I can tell you that the capture of a child molester from nearly 1,200 miles away was more than worth the cost of the LPR unit. If we never make another case with it, it was worth the cost.”

Two immediate questions arise. The first is: if you never make another case with it, what's the point of gathering all that data? Does the arrest of one child molester make the routine harvesting of thousands of plates of non-child molesters "worth it?"

Second: pointing out the ends as justification for the means is a rhetorical dodge. There are any number of things law enforcement could do to bump arrest numbers -- like house-to-house searches and eliminating the probable cause requirement for warrants -- but neither takes into consideration the constitutional rights of those on the receiving end of these actions. Law enforcement is supposed to work within these limitations, rather than see how hard they can push back against them.

The call for bids on a national ALPR database takes a localized problem and makes it worse. The government (both on local and national levels) has shown repeatedly that it prefers to implement technology before considering the privacy implications. Post facto "repairs" generally only come into play once widespread misuse has already been reported. This is a chilling, but not unexpected, development. If it can be construed as "public," then it's the government's for the taking, apparently.